3 +--------------------------------------------------------------------+
4 | CiviCRM version 4.7 |
5 +--------------------------------------------------------------------+
6 | Copyright CiviCRM LLC (c) 2004-2017 |
7 +--------------------------------------------------------------------+
8 | This file is a part of CiviCRM. |
10 | CiviCRM is free software; you can copy, modify, and distribute it |
11 | under the terms of the GNU Affero General Public License |
12 | Version 3, 19 November 2007 and the CiviCRM Licensing Exception. |
14 | CiviCRM is distributed in the hope that it will be useful, but |
15 | WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
17 | See the GNU Affero General Public License for more details. |
19 | You should have received a copy of the GNU Affero General Public |
20 | License and the CiviCRM Licensing Exception along |
21 | with this program; if not, contact CiviCRM LLC |
22 | at info[AT]civicrm[DOT]org. If you have questions about the |
23 | GNU Affero General Public License or the licensing of CiviCRM, |
24 | see the CiviCRM license FAQ at http://civicrm.org/licensing |
25 +--------------------------------------------------------------------+
29 * Dear God Why Do I Have To Write This (Dumb SQL Builder)
33 * $select = CRM_Utils_SQL_Select::from('civicrm_activity act')
34 * ->join('absence', 'inner join civicrm_activity absence on absence.id = act.source_record_id')
35 * ->where('activity_type_id = #type', array('type' => 234))
36 * ->where('status_id IN (#statuses)', array('statuses' => array(1,2,3))
37 * ->where('subject like @subj', array('subj' => '%hello%'))
38 * ->where('!dynamicColumn = 1', array('dynamicColumn' => 'coalesce(is_active,0)'))
39 * ->where('!column = @value', array(
40 * 'column' => $customField->column_name,
41 * 'value' => $form['foo']
43 * echo $select->toSQL();
48 * - No knowledge of the underlying SQL API (except for escaping -- CRM_Core_DAO::escapeString)
49 * - No knowledge of the underlying data model
51 * - SQL clauses correspond to PHP functions ($select->where("foo_id=123"))
52 * - Variable escaping is concise and controllable based on prefixes, eg
53 * - similar to Drupal's t()
54 * - use "@varname" to insert the escaped value
55 * - use "!varname" to insert raw (unescaped) values
56 * - use "#varname" to insert a numerical value (these are validated but not escaped)
57 * - to disable any preprocessing, simply omit the variable list
58 * - control characters (@!#) are mandatory in expressions but optional in arg-keys
59 * - Variables may be individual values or arrays; arrays are imploded with commas
60 * - Conditionals are AND'd; if you need OR's, do it yourself
61 * - Use classes/functions with documentation (rather than undocumented array-trees)
62 * - For any given string, interpolation is only performed once. After an interpolation,
63 * a string may never again be subjected to interpolation.
65 * The "interpolate-once" principle can be enforced by either interpolating on input
66 * xor output. The notations for input and output interpolation are a bit different,
67 * and they may not be mixed.
70 * // Interpolate on input. Set params when using them.
71 * $select->where('activity_type_id = #type', array(
75 * // Interpolate on output. Set params independently.
77 * ->where('activity_type_id = #type')
78 * ->param('type', 234),
82 * @copyright CiviCRM LLC (c) 2004-2017
84 class CRM_Utils_SQL_Select
implements ArrayAccess
{
87 * Interpolate values as soon as they are passed in (where(), join(), etc).
91 * Pro: Every clause has its own unique namespace for parameters.
92 * Con: Probably slower.
93 * Advice: Use this when aggregating SQL fragments from agents who
94 * maintained by different parties.
96 const INTERPOLATE_INPUT
= 'in';
99 * Interpolate values when rendering SQL output (toSQL()).
101 * Pro: Probably faster.
102 * Con: Must maintain an aggregated list of all parameters.
103 * Advice: Use this when you have control over the entire query.
105 const INTERPOLATE_OUTPUT
= 'out';
108 * Determine mode automatically. When the first attempt is made
109 * to use input-interpolation (eg `where(..., array(...))`) or
110 * output-interpolation (eg `param(...)`), the mode will be
111 * set. Subsequent calls will be validated using the same mode.
113 const INTERPOLATE_AUTO
= 'auto';
115 private $mode = NULL;
116 private $insertInto = NULL;
117 private $insertIntoFields = array();
118 private $selects = array();
120 private $joins = array();
121 private $wheres = array();
122 private $groupBys = array();
123 private $havings = array();
124 private $orderBys = array();
125 private $limit = NULL;
126 private $offset = NULL;
127 private $params = array();
128 private $distinct = NULL;
130 // Public to work-around PHP 5.3 limit.
131 public $strict = NULL;
134 * Create a new SELECT query.
136 * @param string $from
137 * Table-name and optional alias.
138 * @param array $options
139 * @return CRM_Utils_SQL_Select
141 public static function from($from, $options = array()) {
142 return new self($from, $options);
146 * Create a partial SELECT query.
148 * @param array $options
149 * @return CRM_Utils_SQL_Select
151 public static function fragment($options = array()) {
152 return new self(NULL, $options);
156 * Create a new SELECT query.
158 * @param string $from
159 * Table-name and optional alias.
160 * @param array $options
162 public function __construct($from, $options = array()) {
164 $this->mode
= isset($options['mode']) ?
$options['mode'] : self
::INTERPOLATE_AUTO
;
168 * Make a new copy of this query.
170 * @return CRM_Utils_SQL_Select
172 public function copy() {
177 * Merge something or other.
179 * @param CRM_Utils_SQL_Select $other
180 * @param array|NULL $parts
181 * ex: 'joins', 'wheres'
182 * @return CRM_Utils_SQL_Select
184 public function merge($other, $parts = NULL) {
185 if ($other === NULL) {
189 if ($this->mode
=== self
::INTERPOLATE_AUTO
) {
190 $this->mode
= $other->mode
;
192 elseif ($other->mode
=== self
::INTERPOLATE_AUTO
) {
195 elseif ($this->mode
!== $other->mode
) {
196 // Mixing modes will lead to someone getting an expected substitution.
197 throw new RuntimeException("Cannot merge queries that use different interpolation modes ({$this->mode} vs {$other->mode}).");
200 $arrayFields = array('insertIntoFields', 'selects', 'joins', 'wheres', 'groupBys', 'havings', 'orderBys', 'params');
201 foreach ($arrayFields as $f) {
202 if ($parts === NULL ||
in_array($f, $parts)) {
203 $this->{$f} = array_merge($this->{$f}, $other->{$f});
207 $flatFields = array('insertInto', 'from', 'limit', 'offset');
208 foreach ($flatFields as $f) {
209 if ($parts === NULL ||
in_array($f, $parts)) {
210 if ($other->{$f} !== NULL) {
211 $this->{$f} = $other->{$f};
220 * Add a new JOIN clause.
222 * Note: To add multiple JOINs at once, use $name===NULL and
223 * pass an array of $exprs.
225 * @param string|NULL $name
226 * The effective alias of the joined table.
227 * @param string|array $exprs
228 * The complete join expression (eg "INNER JOIN mytable myalias ON mytable.id = maintable.foo_id").
229 * @param array|null $args
230 * @return CRM_Utils_SQL_Select
232 public function join($name, $exprs, $args = NULL) {
233 if ($name !== NULL) {
234 $this->joins
[$name] = $this->interpolate($exprs, $args);
237 foreach ($exprs as $name => $expr) {
238 $this->joins
[$name] = $this->interpolate($expr, $args);
246 * Specify the column(s)/value(s) to return by adding to the SELECT clause
248 * @param string|array $exprs list of SQL expressions
249 * @param null|array $args use NULL to disable interpolation; use an array of variables to enable
250 * @return CRM_Utils_SQL_Select
252 public function select($exprs, $args = NULL) {
253 $exprs = (array) $exprs;
254 foreach ($exprs as $expr) {
255 $this->selects
[] = $this->interpolate($expr, $args);
261 * Return only distinct values
263 * @param bool $isDistinct allow DISTINCT select or not
264 * @return CRM_Utils_SQL_Select
266 public function distinct($isDistinct = TRUE) {
268 $this->distinct
= 'DISTINCT ';
274 * Limit results by adding extra condition(s) to the WHERE clause
276 * @param string|array $exprs list of SQL expressions
277 * @param null|array $args use NULL to disable interpolation; use an array of variables to enable
278 * @return CRM_Utils_SQL_Select
280 public function where($exprs, $args = NULL) {
281 $exprs = (array) $exprs;
282 foreach ($exprs as $expr) {
283 $evaluatedExpr = $this->interpolate($expr, $args);
284 $this->wheres
[$evaluatedExpr] = $evaluatedExpr;
290 * Group results by adding extra items to the GROUP BY clause.
292 * @param string|array $exprs list of SQL expressions
293 * @param null|array $args use NULL to disable interpolation; use an array of variables to enable
294 * @return CRM_Utils_SQL_Select
296 public function groupBy($exprs, $args = NULL) {
297 $exprs = (array) $exprs;
298 foreach ($exprs as $expr) {
299 $evaluatedExpr = $this->interpolate($expr, $args);
300 $this->groupBys
[$evaluatedExpr] = $evaluatedExpr;
306 * Limit results by adding extra condition(s) to the HAVING clause
308 * @param string|array $exprs list of SQL expressions
309 * @param null|array $args use NULL to disable interpolation; use an array of variables to enable
310 * @return CRM_Utils_SQL_Select
312 public function having($exprs, $args = NULL) {
313 $exprs = (array) $exprs;
314 foreach ($exprs as $expr) {
315 $evaluatedExpr = $this->interpolate($expr, $args);
316 $this->havings
[$evaluatedExpr] = $evaluatedExpr;
322 * Sort results by adding extra items to the ORDER BY clause.
324 * @param string|array $exprs list of SQL expressions
325 * @param null|array $args use NULL to disable interpolation; use an array of variables to enable
326 * @return CRM_Utils_SQL_Select
328 public function orderBy($exprs, $args = NULL) {
329 $exprs = (array) $exprs;
330 foreach ($exprs as $expr) {
331 $evaluatedExpr = $this->interpolate($expr, $args);
332 $this->orderBys
[$evaluatedExpr] = $evaluatedExpr;
338 * Set one (or multiple) parameters to interpolate into the query.
340 * @param array|string $keys
341 * Key name, or an array of key-value pairs.
342 * @param null|mixed $value
343 * The new value of the parameter.
344 * Values may be strings, ints, or arrays thereof -- provided that the
345 * SQL query uses appropriate prefix (e.g. "@", "!", "#").
346 * @return \CRM_Utils_SQL_Select
348 public function param($keys, $value = NULL) {
349 if ($this->mode
=== self
::INTERPOLATE_AUTO
) {
350 $this->mode
= self
::INTERPOLATE_OUTPUT
;
352 elseif ($this->mode
!== self
::INTERPOLATE_OUTPUT
) {
353 throw new RuntimeException("Select::param() only makes sense when interpolating on output.");
356 if (is_array($keys)) {
357 foreach ($keys as $k => $v) {
358 $this->params
[$k] = $v;
362 $this->params
[$keys] = $value;
368 * Set a limit on the number of records to return.
372 * @return CRM_Utils_SQL_Select
373 * @throws CRM_Core_Exception
375 public function limit($limit, $offset = 0) {
376 if ($limit !== NULL && !is_numeric($limit)) {
377 throw new CRM_Core_Exception("Illegal limit");
379 if ($offset !== NULL && !is_numeric($offset)) {
380 throw new CRM_Core_Exception("Illegal offset");
382 $this->limit
= $limit;
383 $this->offset
= $offset;
388 * Insert the results of the SELECT query into another
391 * @param string $table
392 * The name of the other table (which receives new data).
393 * @param array $fields
394 * The fields to fill in the other table (in order).
395 * @return CRM_Utils_SQL_Select
396 * @see insertIntoField
398 public function insertInto($table, $fields = array()) {
399 $this->insertInto
= $table;
400 $this->insertIntoField($fields);
405 * @param array $fields
406 * The fields to fill in the other table (in order).
407 * @return CRM_Utils_SQL_Select
409 public function insertIntoField($fields) {
410 $fields = (array) $fields;
411 foreach ($fields as $field) {
412 $this->insertIntoFields
[] = $field;
418 * @param array|NULL $parts
419 * List of fields to check (e.g. 'selects', 'joins').
423 public function isEmpty($parts = NULL) {
438 if ($parts !== NULL) {
439 $fields = array_intersect($fields, $parts);
441 foreach ($fields as $field) {
442 if (!empty($this->{$field})) {
450 * Enable (or disable) strict mode.
452 * In strict mode, unknown variables will generate exceptions.
454 * @param bool $strict
455 * @return CRM_Utils_SQL_Select
457 public function strict($strict = TRUE) {
458 $this->strict
= $strict;
463 * Given a string like "field_name = @value", replace "@value" with an escaped SQL string
465 * @param string $expr SQL expression
466 * @param null|array $args a list of values to insert into the SQL expression; keys are prefix-coded:
467 * prefix '@' => escape SQL
468 * prefix '#' => literal number, skip escaping but do validation
469 * prefix '!' => literal, skip escaping and validation
470 * if a value is an array, then it will be imploded
472 * PHP NULL's will be treated as SQL NULL's. The PHP string "null" will be treated as a string.
474 * @param string $activeMode
478 public function interpolate($expr, $args, $activeMode = self
::INTERPOLATE_INPUT
) {
479 if ($args === NULL) {
483 if ($this->mode
=== self
::INTERPOLATE_AUTO
) {
484 $this->mode
= $activeMode;
486 elseif ($activeMode !== $this->mode
) {
487 throw new RuntimeException("Cannot mix interpolation modes.");
491 return preg_replace_callback('/([#!@])([a-zA-Z0-9_]+)/', function($m) use ($select, $args) {
492 if (isset($args[$m[2]])) {
493 $values = $args[$m[2]];
495 elseif (isset($args[$m[1] . $m[2]])) {
496 // Backward compat. Keys in $args look like "#myNumber" or "@myString".
497 $values = $args[$m[1] . $m[2]];
499 elseif ($select->strict
) {
500 throw new CRM_Core_Exception('Cannot build query. Variable "' . $m[1] . $m[2] . '" is unknown.');
503 // Unrecognized variables are ignored. Mitigate risk of accidents.
506 $values = is_array($values) ?
$values : array($values);
509 $parts = array_map(array($select, 'escapeString'), $values);
510 return implode(', ', $parts);
512 // TODO: ensure all uses of this un-escaped literal are safe
514 return implode(', ', $values);
517 foreach ($values as $valueKey => $value) {
518 if ($value === NULL) {
519 $values[$valueKey] = 'NULL';
521 elseif (!is_numeric($value)) {
522 //throw new API_Exception("Failed encoding non-numeric value" . var_export(array($m[0] => $values), TRUE));
523 throw new CRM_Core_Exception("Failed encoding non-numeric value (" . $m[0] . ")");
526 return implode(', ', $values);
529 throw new CRM_Core_Exception("Unrecognized prefix");
536 * @param string|NULL $value
538 * SQL expression, e.g. "it\'s great" (with-quotes) or NULL (without-quotes)
540 public function escapeString($value) {
541 return $value === NULL ?
'NULL' : '"' . CRM_Core_DAO
::escapeString($value) . '"';
548 public function toSQL() {
550 if ($this->insertInto
) {
551 $sql .= 'INSERT INTO ' . $this->insertInto
. ' (';
552 $sql .= implode(', ', $this->insertIntoFields
);
555 if ($this->selects
) {
556 $sql .= 'SELECT ' . $this->distinct
. implode(', ', $this->selects
) . "\n";
559 $sql .= 'SELECT *' . "\n";
561 if ($this->from
!== NULL) {
562 $sql .= 'FROM ' . $this->from
. "\n";
564 foreach ($this->joins
as $join) {
565 $sql .= $join . "\n";
568 $sql .= 'WHERE (' . implode(') AND (', $this->wheres
) . ")\n";
570 if ($this->groupBys
) {
571 $sql .= 'GROUP BY ' . implode(', ', $this->groupBys
) . "\n";
573 if ($this->havings
) {
574 $sql .= 'HAVING (' . implode(') AND (', $this->havings
) . ")\n";
576 if ($this->orderBys
) {
577 $sql .= 'ORDER BY ' . implode(', ', $this->orderBys
) . "\n";
579 if ($this->limit
!== NULL) {
580 $sql .= 'LIMIT ' . $this->limit
. "\n";
581 if ($this->offset
!== NULL) {
582 $sql .= 'OFFSET ' . $this->offset
. "\n";
585 if ($this->mode
=== self
::INTERPOLATE_OUTPUT
) {
586 $sql = $this->interpolate($sql, $this->params
, self
::INTERPOLATE_OUTPUT
);
592 * Has an offset been set.
594 * @param string $offset
598 public function offsetExists($offset) {
599 return isset($this->params
[$offset]);
603 * Get the value of a SQL parameter.
606 * $select['cid'] = 123;
607 * $select->where('contact.id = #cid');
608 * echo $select['cid'];
611 * @param string $offset
614 * @see ArrayAccess::offsetGet
616 public function offsetGet($offset) {
617 return $this->params
[$offset];
621 * Set the value of a SQL parameter.
624 * $select['cid'] = 123;
625 * $select->where('contact.id = #cid');
626 * echo $select['cid'];
629 * @param string $offset
630 * @param mixed $value
631 * The new value of the parameter.
632 * Values may be strings, ints, or arrays thereof -- provided that the
633 * SQL query uses appropriate prefix (e.g. "@", "!", "#").
635 * @see ArrayAccess::offsetSet
637 public function offsetSet($offset, $value) {
638 $this->param($offset, $value);
642 * Unset the value of a SQL parameter.
644 * @param string $offset
646 * @see ArrayAccess::offsetUnset
648 public function offsetUnset($offset) {
649 unset($this->params
[$offset]);